Easy Email Encryption

Husmail provides a way to secure private emails which are otherwise notoriously insecure. You can think of email more like an e-postcard. Everywhere that the postcard/email goes, the content can be easily read. If all that your postcards/emails say is “Having fun in Cancun, wish you were here!” then you probably don’t need to worry too much. If you have ever sent anything more substantive than that, keep reading.

Features

Hushmail allows you to encrypt your messages so that they are encrypted before being sent out over the internet. Your message is only decrypted once it reaches its destination. Also, Husmail itself will only store the key that you use to encrypt the message very briefly. They will still respond to a court order to collect your private key when you log on, but that does not happen very often and it only happens if you are suspected of a crime. It is a lot like protecting your internet use with anonymous browsing.

The encryption of your emails means that your messages cannot be read as they are passed around the internet before reaching their destination. A curious low level employee of Hushmail can’t snoop into your account and read your messages very easily because Husmail does not store your private key on their server. Those employees only have access to your message, and any stored messages, for the brief time that you are logged in to your email account, reducing the chance that a curious employee will look around to see what they can see.

In a political environment of increasing efforts at constant surveillance of the citizenry, this makes it exponentially harder for authorities to monitor your communications. They will require some particular steps to single you out and then take the necessary steps to intercept your encrypted messages. When a court of British Columbia issues an order to Hushmail to read your emails, Husmail will comply and allow the authorities to view messages sent and received through your account. They will collect your password only after you log in following the request, thus any messages that you sent or received before that time which are not stored on your account will probably not be available to the authorities to view. Only new messages will likely be available. Although there are some examples of Hushmail complying with a court order, they are not very common.

Easily Increase Privacy

Although the default setting for Husmail login is to encrypt and decrypt using their server (meaning that you enter your password into the server and let the server encrypt/decrypt your message), every time you log in with your password you can select an option to use Java which allows you to encrypt and decrypt on your own computer instead. This provides yet another level of security because if you use this feature, your message will be encrypted before being sent to Husmail, or decrypted after Hushmail has sent the message to you. Not even the employees will have access to those messages at all because all of the encryption is done on your own machine. Java is not used on many computers, but if this feature is something that interests you, you may consider installing it and running it on your own computer so that you can take advantage of this option. Both options, user side and server side encryption, greatly increase your level of privacy in your messages.

What Hushmail Does Not Do

Husmail cannot protect you from keyloggers installed on your computer. If you are being snooped by the authorities or a malicious hacker or identity thief with this kind of program, you are not secure before you even log in to Hushmail and thus nothing that you do on a compromised computer can be secure.

Hushmail Benefits

Hushmail makes casual snooping into your account virtually impossible. For individuals who share very sensitive or very valuable information by email, it can be particularly important to raise the bar so that your email messages cannot be intercepted with ease. As an attorney, I use Hushmail to keep email communications with my clients confidential whenever necessary. Husmail has a free service which is a good way to get started, but the storage capacity of emails is extremely limited with the free service. An inexpensive subscription greatly increases the amount of storage space which will be sufficient for most users who exchange communication and documents regularly.

Other Considerations

Once you set your Husmail login password for your account, you cannot recover the password if you forget it. Unlike other systems, which store your password thus allowing some employees access to all of your email messages, Hushmail does not store any of this information which means you need to have a good memory.

There are other services and tools available. Some open source tools, like gnupg.org are free but require some technical expertise to use. Husmail is very simple and straightforward and operates much like any other common email system. Also remember, that your email communication is only as secure as the least secure end of the conversation. Thus, the best way to keep your email communications secure is to use Hushmail and share this with your friends and family so that they can all use Hushmail too. Imagine what a nightmare it is for the advocates of constant surveillance if your entire social and professional network is sending and receiving strongly encrypted messages among each other. The more encrypted messages that are sent, the more resources that must be spent to surveil all messages and the less likely it will be that they even get to your birthday email to grandma wishing her a happy birthday. And boy will they feel foolish when they find out that they just spend weeks and thousands of dollars to decrypt “Happy 80th birthday grandma!”

Conclusion

I have used Hushmail for a while and I think it is not only an easy to use and handy tool, it is an important tool to protect the privacy of your communications with others. Share this article with others and get as many people to start using Hushmail as possible to get the most benefit out of it possible. Using secure email with other forms of private communication can create a great shield of privacy. So can using anonymous web surfing. Get the Book How To Vanish to form a comprehensive strategy for protecting your privacy.

ABOUT THE AUTHOR: The Drifter is a California attorney. He holds a degree in Accounting from the University of Utah and a law degree from California Western School of Law. He practices civil litigation, domestic and foreign business entity formation and transactions, criminal defense and privacy law. He is a strong advocate of personal and financial freedom and civil liberties. This is merely one article of 129 by The Drifter.

I really am referring to Hushmail, not Hotmail or anything else like that, I just don’t want Echelon to know that I am a trouble maker! Maybe I should have used different alternate spellings like Hu$hmail, #ushmail, Hushm@il or Hushma!l.

Hushmail is notoriously insecure. They will gladly hand over all your emails (even those which were supposedly “deleted”) to the authorities when subpoenaed to do so. Hushmail also has the encryption keys so they will hand those over too. Instead people should rely on GnuPG (www.gnupg.org) to secure their emails. GnuPG can be used with any email service and Jabber/XMPP instant messaging.

Josh, thanks for the update.
Since this article was first published, Hushmail has released some information to authorities under subpoena. Hushmail is still a great tool for a couple of reasons.
1) No Warrantless Wiretapping – Encrypted email service like Hushmail prevent snoopers from reading emails sent around the internet. This includes warrantless snooping from the government. To get a subpoena there must be a case actually filed against a defendant.
2) Increases Cost Of Law Enforcement – Prosecutors have a limited budget to pursue a case. Document review costs money, subpoena’s cost money, subpoena’s to a foreign country cost even more money. The more money that has to be spent to pursue a case against you, the harder it is for prosecutors to be successful. It is a simple economic reality that Hushmail can help contribute to your success.
3) Easy to Use – Hushmail is extremely easy so people will still benefit from the service even though it would not prevent discovery in the event of legal action.
GnuPG is a great resource too. If Hushmail is not good enough, I would say take the time to learn it and use it.

I and would not use Hushmail for any sensitive or confidential emails. I highly recommend that everyone use and learn encryption like PGP to encrypt their emails, files and hard drives. I use IronKey to secure my sensitive work files when transporting files and when surfing the Internet using free Wifi hotspots.

I am a long time Hushmail user. However I have switched to Countermail.com. There are huge differences between the two services, mainly:

* CM stores ALL mails in encrypted format. Hush only stores incoming and outgoing encrypted mails in encrypted format. All other mails are stored in cleartext.
* CM does not log IP addresses. Ever. Hush logs up to 30 months.
* CM lets you store you PGP-key yourself if you want to
* CM offers true Man-In-The-Middle protection whereas Hush does not.
* CM is located in Sweden. Swedish laws does not permit warrants for forcing an email-provider to cooperate to eavesdrop on an account. Hush is located in Canada and is subject to their laws and also US law because of the mutual legal treaty. Canadian law permits warrants that forces an email provider to eavesdrop on its clients.

There are many other reasons for switching to Countermail.

Hushmails advantages are that their new interface is much nicer and they are cheaper. Thats it.

Well, I had a free account but forgot pass phrase and asked them if I called them and gave them my info, could I get back in since I wanted to use the same email address. They said No Way. I think it’s ridiculous but after reading other articles about them, it’s just as well I decided not to get
another hushmail account.